Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(zoe): revoke used-up payments #8982

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

feat(zoe): revoke used-up payments #8982

wants to merge 1 commit into from

Conversation

erights
Copy link
Member

@erights erights commented Feb 24, 2024
edited
Loading

closes: #XXXX
refs: #XXXX

Description

Prior to this PR, a used up payment was still a live exo object, even with one method that continued to work -- getAllegedBrand(). This PR wraps it with a revocable caretaker, and only exposes the caretaker as the payment. When the payment is used up, it is also revoked.

This PR is in theory not compat with code prior to this PR because getAllegedBrand() on a used up payment will no longer work. However, we have not seen that failure in practice.

Security Considerations

Since used up payments were already reliably powerless, the additional protection of a general revocation mechanism probably has no effect on actual security.

Scaling Considerations

This PR has a bit of a cost -- twice as many payment-ish objects, the underlying original payment and the new caretaker. However, by marking the exposed object as revoked, we hope eventually to make use of this known dead state to drop bookkeeping elsewhere. But we do not yet have a plausible story for doing so, in which case this PR imposes this code with no compensating performance benefit.

Documentation Considerations

Only that getAllegedBrand() stops working. Otherwise this PR should have no externally visible effects.

Testing Considerations

Because the revocable payment has a different "alleged" label, we had to fix some golden tests.

Upgrade Considerations

Payments already created prior to this PR will remain the underlying non-revocable payment. Only payments created after this PR will be revocable. However, the only observable anomaly is that getAllegedBrand() on those old payments will continue to work after they have been used up.

@erights erights self-assigned this Feb 24, 2024
@erights erights force-pushed the markm-move-revocability-to-base-zone-2 branch from 8bcd3b0 to f9fc35b Compare February 24, 2024 02:11
@erights erights force-pushed the markm-revoke-used-up-payments-3 branch from 26d1ad4 to db99ac8 Compare February 24, 2024 02:12
@erights erights force-pushed the markm-move-revocability-to-base-zone-2 branch from f9fc35b to 7a3e2c5 Compare February 24, 2024 02:25
@erights erights force-pushed the markm-revoke-used-up-payments-3 branch from db99ac8 to 4f749e3 Compare February 24, 2024 02:26
@erights erights force-pushed the markm-move-revocability-to-base-zone-2 branch from 7a3e2c5 to ade6ec9 Compare February 24, 2024 03:05
@erights erights force-pushed the markm-revoke-used-up-payments-3 branch from 4f749e3 to 782cac8 Compare February 24, 2024 03:06
@erights erights force-pushed the markm-move-revocability-to-base-zone-2 branch from ade6ec9 to 774a52e Compare February 24, 2024 03:49
@erights erights force-pushed the markm-revoke-used-up-payments-3 branch from 782cac8 to e70e068 Compare February 24, 2024 03:52
@erights erights force-pushed the markm-move-revocability-to-base-zone-2 branch from 774a52e to fba5993 Compare February 29, 2024 04:03
@erights erights force-pushed the markm-revoke-used-up-payments-3 branch from e70e068 to dd87509 Compare February 29, 2024 04:04
@erights erights force-pushed the markm-move-revocability-to-base-zone-2 branch 2 times, most recently from 99fce04 to 4bf8835 Compare March 29, 2024 16:33
Base automatically changed from markm-move-revocability-to-base-zone-2 to master March 29, 2024 17:11
@erights erights force-pushed the markm-revoke-used-up-payments-3 branch from dd87509 to 5ce33fb Compare March 30, 2024 01:57
erights
erights commented Mar 30, 2024
View reviewed changes
packages/wallet/api/test/test-lib-wallet.js Outdated
@@ -901,7 +901,7 @@ test('lib-wallet offer methods', async t => {
description: 'getRefund',
handle: {
kind: 'unnamed',
petname: 'unnamed-7',
petname: 'unnamed-6',
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change made blindly. Reviewers, how should I figure out whether I should worry about this change?

erights
erights commented Mar 30, 2024
View reviewed changes
packages/wallet/api/test/test-lib-wallet.js Outdated
@@ -914,7 +914,7 @@ test('lib-wallet offer methods', async t => {
},
inviteHandleBoardId: 'board0257',
meta: {
id: 9,
id: 8,
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change made blindly. Reviewers, how should I figure out whether I should worry about this change?

@erights erights mentioned this pull request Mar 31, 2024
Closed
@erights erights force-pushed the markm-revoke-used-up-payments-3 branch from 0a7af31 to 9ec6de5 Compare March 31, 2024 23:55
@erights erights mentioned this pull request Apr 1, 2024
Closed
10 tasks
@erights erights force-pushed the markm-revoke-used-up-payments-3 branch from 9ec6de5 to a70707f Compare April 6, 2024 01:48
@erights erights force-pushed the markm-revoke-used-up-payments-3 branch from a70707f to 721cc3e Compare April 14, 2024 20:06
@cloudflare-workers-and-pages Cloudflare Workers and Pages
Copy link

cloudflare-workers-and-pages bot commented Apr 14, 2024
edited
Loading

Deploying agoric-sdk with  Cloudflare Pages  Cloudflare Pages

Latest commit: f2f2f3b
Status: ✅  Deploy successful!
Preview URL: https://818c1b93.agoric-sdk.pages.dev
Branch Preview URL: https://markm-revoke-used-up-payment.agoric-sdk.pages.dev

View logs

@erights erights force-pushed the markm-revoke-used-up-payments-3 branch from 721cc3e to 81a7370 Compare May 9, 2024 00:17
@erights erights force-pushed the markm-revoke-used-up-payments-3 branch from 5bbeb1e to f883dcc Compare June 2, 2024 19:33
@erights erights force-pushed the markm-revoke-used-up-payments-3 branch 2 times, most recently from 49d7ec1 to 9d259f8 Compare June 13, 2024 14:08
@erights erights force-pushed the markm-revoke-used-up-payments-3 branch from 9d259f8 to 2d616e0 Compare June 22, 2024 04:02
@erights erights force-pushed the markm-revoke-used-up-payments-3 branch from 2d616e0 to 121d928 Compare July 3, 2024 00:29
@erights erights force-pushed the markm-revoke-used-up-payments-3 branch from 121d928 to e53274d Compare August 3, 2024 00:30
@erights erights force-pushed the markm-revoke-used-up-payments-3 branch from e53274d to 8723afa Compare August 5, 2024 00:08
@erights erights force-pushed the markm-revoke-used-up-payments-3 branch 3 times, most recently from 8fcdbbc to 3da98ca Compare September 7, 2024 20:50
@erights erights force-pushed the markm-revoke-used-up-payments-3 branch from 3da98ca to f2f2f3b Compare October 14, 2024 20:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@erights erights

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@erights